Interesting bit of a quote

John Kelsey kelsey.j at ix.netcom.com
Sat Jul 15 03:47:25 EDT 2006


>From: "Travis H." <solinym at gmail.com>
>Sent: Jul 14, 2006 11:22 PM
>To: David Mercer <radix42 at gmail.com>
>Cc: cryptography at metzdowd.com
>Subject: Re: Interesting bit of a quote

...
>The problem with this is determining if the media has been replaced.
>Absent other protections, one could simply write a new WORM media with
>falsified information.
>
>I can see two ways of dealing with this:
>
>1) Some kind of physical authenticity, such as signing one's name on
>the media as they are produced (this assumes the signer is not
>corruptible), or applying a frangible difficult-to-duplicate seal of
>some kind (this assumes access controls on the seals).

I think this is going to resolve to chain-of-custody rules of some
kind.  One problem is that so long as the company making the records
is storing them onsite, it's hard for an outside auditor to be sure
they aren't being tampered with.  (Can the CEO really not work out a
way to get one of his guys access to the tape storage vault?) 

>2) Some kind of hash chain covering the contents, combined with
>publication of the hashes somewhere where they cannot be altered (e.g.
>publish hash periodically in a classified ad in a newspaper).

You could do the whole digital timestamping thing here.  You could
also just submit hashes of this week's backup tape to your auditor and
the SEC or something.  

Another solution is to use cryptographic audit logs.  Bruce Schneier
and I did some work on this several years ago, using a MAC to
authenticate the current record as it's written, and a one-way
function to derive the next key.  (This idea was apparently developed
by at least two other people independently.)  Jason Holt has extended
this idea to use digital signatures, which makes them far more
practical.  One caveat is that cryptographic audit logs only work if
the logging machine is honest when the logs are written.  

--John
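
Added example, not part of the original message and not the authors' published construction: a simplified Python sketch of the scheme described above, where each record is authenticated with a MAC under the current key and a one-way function derives the next key. The class and function names, the SHA-256/HMAC choices, the key-evolution label and the sample records are all assumptions made for illustration.

```python
import hashlib
import hmac

def next_key(key: bytes) -> bytes:
    """One-way step: the key for record i+1 is a hash of the key for record i."""
    return hashlib.sha256(b"audit-log-key-evolution" + key).digest()

class AuditLogger:
    """Runs on the logging machine and holds only the current key."""
    def __init__(self, initial_key: bytes):
        self._key = initial_key
        self.entries = []  # list of (record, tag) pairs

    def append(self, record: bytes) -> None:
        tag = hmac.new(self._key, record, hashlib.sha256).digest()
        self.entries.append((record, tag))
        # Replace the old key: someone who takes over the machine later finds
        # only the evolved key and cannot recompute tags for earlier records.
        self._key = next_key(self._key)

def first_bad_entry(initial_key: bytes, entries) -> int:
    """Verifier side (e.g. an auditor who kept initial_key offline).
    Returns the index of the first entry that fails, or -1 if all verify."""
    key = initial_key
    for i, (record, tag) in enumerate(entries):
        expected = hmac.new(key, record, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return i
        key = next_key(key)
    return -1

def demo():
    k0 = bytes(range(32))  # constructed sample key; use a random secret in practice
    log = AuditLogger(k0)
    for rec in (b"2006-07-10 backup tape 41 written",   # constructed records
                b"2006-07-11 ledger export",
                b"2006-07-12 backup tape 42 written"):
        log.append(rec)
    intact = first_bad_entry(k0, log.entries)
    edited = list(log.entries)
    edited[1] = (b"2006-07-11 ledger export (revised)", edited[1][1])
    deleted = log.entries[:1] + log.entries[2:]  # middle record removed
    return intact, first_bad_entry(k0, edited), first_bad_entry(k0, deleted)

if __name__ == "__main__":
    print(demo())
```

This simplified version does not detect records dropped from the end of the log; the verifier would also need an authenticated record count or closing entry.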

---------------------------------------------------------------------
The Cryptography Mailing List